[GitHub] [nifi] exceptionfactory opened a new pull request, #6198: NIFI-10196 Correct Jolt UI CSRF Header Handling

Mon, 11 Jul 2022 20:02:24 -0700 


exceptionfactory opened a new pull request, #6198:
URL: https://github.com/apache/nifi/pull/6198

   # Summary
   
   [NIFI-10196](https://issues.apache.org/jira/browse/NIFI-10196) Corrects 
Cross Site Request Forgery header handling in the advanced user interface for 
the `JoltTransformJSON` Processor.
   
   Previous adjustments for CSRF handling in 
[NIFI-9339](https://issues.apache.org/jira/browse/NIFI-9339) set the 
`Request-Token` header during initialization, but the approach does not handle 
subsequent requests when the CSRF cookie value changes.
   
   The corrected approach uses [AngularJS XSRF 
Protection](https://docs.angularjs.org/api/ng/service/$http#cross-site-request-forgery-xsrf-protection)
 request interception based configuring the `xsrfCookieName` and 
`xsrfHeaderName` properties of the HTTP service. The standard AngularJS XSRF 
interceptor reads the cookie value and sets the request header for each request 
to leverage the current value.
   
   # Tracking
   
   Please complete the following tracking steps prior to pull request creation.
   
   ### Issue Tracking
   
   - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue 
created
   
   ### Pull Request Tracking
   
   - [X] Pull Request title starts with Apache NiFi Jira issue number, such as 
`NIFI-00000`
   - [X] Pull Request commit message starts with Apache NiFi Jira issue number, 
as such `NIFI-00000`
   
   ### Pull Request Formatting
   
   - [X] Pull Request based on current revision of the `main` branch
   - [X] Pull Request refers to a feature branch with one commit containing 
changes
   
   # Verification
   
   Please indicate the verification steps performed prior to pull request 
creation.
   
   ### Build
   
   - [X] Build completed using `mvn clean install -P contrib-check`
     - [X] JDK 8
     - [ ] JDK 11
     - [ ] JDK 17
   
   ### Licensing
   
   - [ ] New dependencies are compatible with the [Apache License 
2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License 
Policy](https://www.apache.org/legal/resolved.html)
   - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` 
files
   
   ### Documentation
   
   - [ ] Documentation formatting appears as expected in rendered files
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to